wikijs-fork/server/middlewares/auth.js

const jwt = require('jsonwebtoken')
const moment = require('moment')

const securityHelper = require('../helpers/security')

/* global WIKI */

/**
 * Authentication middleware
 */
module.exports = {
  jwt(req, res, next) {
    WIKI.auth.passport.authenticate('jwt', {session: false}, async (err, user, info) => {
      if (err) { return next() }

      // Expired but still valid within 7 days, just renew
      if (info instanceof Error && info.name === 'TokenExpiredError' && moment().subtract(14, 'days').isBefore(info.expiredAt)) {
        const jwtPayload = jwt.decode(securityHelper.extractJWT(req))
        try {
          const newToken = await WIKI.models.users.refreshToken(jwtPayload.id)
          user = newToken.user

          // Try headers, otherwise cookies for response
          if (req.get('content-type') === 'application/json') {
            res.set('new-jwt', newToken.token)
          } else {
            res.cookie('jwt', newToken.token, { expires: moment().add(365, 'days').toDate() })
          }
        } catch (err) {
          return next()
        }
      }

      // JWT is NOT valid
      if (!user) { return next() }

      // JWT is valid
      req.logIn(user, { session: false }, (err) => {
        if (err) { return next(err) }
        next()
      })
    })(req, res, next)
  },
  checkPath(req, res, next) {
    // Is user authenticated ?

    if (!req.isAuthenticated()) {
      if (WIKI.config.public !== true) {
        return res.redirect('/login')
      } else {
        // req.user = rights.guest
        res.locals.isGuest = true
      }
    } else {
      res.locals.isGuest = false
    }

    // Check permissions

    // res.locals.rights = rights.check(req)

    // if (!res.locals.rights.read) {
    //   return res.render('error-forbidden')
    // }

    // Expose user data

    res.locals.user = req.user

    return next()
  }
}
feat: auth jwt, permissions, login ui (wip) 2018-10-08 04:17:31 +00:00			`const jwt = require('jsonwebtoken')`
			`const moment = require('moment')`

			`const securityHelper = require('../helpers/security')`

refactor: global namespace + admin pages UI 2018-03-05 20:49:36 +00:00			`/* global WIKI */`
Merged core back into main project 2017-04-02 23:56:47 +00:00
Base Project Files 2016-08-17 00:56:55 +00:00			`/**`
			`* Authentication middleware`
			`*/`
feat: auth jwt, permissions, login ui (wip) 2018-10-08 04:17:31 +00:00			`module.exports = {`
			`jwt(req, res, next) {`
			`WIKI.auth.passport.authenticate('jwt', {session: false}, async (err, user, info) => {`
			`if (err) { return next() }`

			`// Expired but still valid within 7 days, just renew`
fix: TokenExpiredError no longer recognized 2018-12-08 16:47:57 +00:00			`if (info instanceof Error && info.name === 'TokenExpiredError' && moment().subtract(14, 'days').isBefore(info.expiredAt)) {`
feat: auth jwt, permissions, login ui (wip) 2018-10-08 04:17:31 +00:00			`const jwtPayload = jwt.decode(securityHelper.extractJWT(req))`
			`try {`
			`const newToken = await WIKI.models.users.refreshToken(jwtPayload.id)`
			`user = newToken.user`

			`// Try headers, otherwise cookies for response`
			`if (req.get('content-type') === 'application/json') {`
feat: jwt renew via graphql + users create/authorize UI 2018-10-14 03:22:42 +00:00			`res.set('new-jwt', newToken.token)`
feat: auth jwt, permissions, login ui (wip) 2018-10-08 04:17:31 +00:00			`} else {`
feat: auth advanced settings UI + reload auth on save 2018-10-13 03:14:11 +00:00			`res.cookie('jwt', newToken.token, { expires: moment().add(365, 'days').toDate() })`
feat: auth jwt, permissions, login ui (wip) 2018-10-08 04:17:31 +00:00			`}`
			`} catch (err) {`
			`return next()`
			`}`
			`}`
Base Project Files 2016-08-17 00:56:55 +00:00
feat: auth jwt, permissions, login ui (wip) 2018-10-08 04:17:31 +00:00			`// JWT is NOT valid`
			`if (!user) { return next() }`

			`// JWT is valid`
			`req.logIn(user, { session: false }, (err) => {`
			`if (err) { return next(err) }`
			`next()`
			`})`
			`})(req, res, next)`
			`},`
			`checkPath(req, res, next) {`
			`// Is user authenticated ?`

			`if (!req.isAuthenticated()) {`
			`if (WIKI.config.public !== true) {`
			`return res.redirect('/login')`
			`} else {`
			`// req.user = rights.guest`
			`res.locals.isGuest = true`
			`}`
Merged core back into main project 2017-04-02 23:56:47 +00:00			`} else {`
feat: auth jwt, permissions, login ui (wip) 2018-10-08 04:17:31 +00:00			`res.locals.isGuest = false`
Merged core back into main project 2017-04-02 23:56:47 +00:00			`}`
Base Project Files 2016-08-17 00:56:55 +00:00
feat: auth jwt, permissions, login ui (wip) 2018-10-08 04:17:31 +00:00			`// Check permissions`
Base Project Files 2016-08-17 00:56:55 +00:00
feat: auth jwt, permissions, login ui (wip) 2018-10-08 04:17:31 +00:00			`// res.locals.rights = rights.check(req)`
Merged core back into main project 2017-04-02 23:56:47 +00:00
feat: auth jwt, permissions, login ui (wip) 2018-10-08 04:17:31 +00:00			`// if (!res.locals.rights.read) {`
			`// return res.render('error-forbidden')`
			`// }`
Added access rights feature + read access check 2016-11-01 02:44:00 +00:00
feat: auth jwt, permissions, login ui (wip) 2018-10-08 04:17:31 +00:00			`// Expose user data`
Base Project Files 2016-08-17 00:56:55 +00:00
feat: auth jwt, permissions, login ui (wip) 2018-10-08 04:17:31 +00:00			`res.locals.user = req.user`
Base Project Files 2016-08-17 00:56:55 +00:00
feat: auth jwt, permissions, login ui (wip) 2018-10-08 04:17:31 +00:00			`return next()`
			`}`
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`}`